allsource-core 0.19.1

High-performance event store core built in Rust
use crate::error::{AllSourceError, Result};
use parquet::file::reader::{FileReader, SerializedFileReader};
use sha2::{Digest, Sha256};
use std::path::Path;

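/// Storage integrity checker (SierraDB Pattern)
///
/// Prevents silent data corruption with checksums.
/// Based on production lessons from SierraDB event store.
///
/// # SierraDB Pattern
/// - Checksums detect corruption in storage
/// - Critical for long-running production systems
/// - Verifies WAL segments and Parquet files
///
/// # Design
/// - SHA-256 for collision resistance. These are plain digests, not keyed
///   MACs: they detect accidental corruption (bit rot, truncation, partial
///   writes), not deliberate tampering by a party that can rewrite the
///   stored checksum next to the data.
/// - Per-segment checksums for WAL
/// - Per-file checksums for Parquet
/// - Incremental verification (not full scan)
///
/// # Trust boundary
/// Every path-taking method here is intended for paths the storage layer
/// discovered itself by enumerating files under the configured `data_dir`.
/// None of them validates that a path stays inside `data_dir`; a caller that
/// wants to verify a user-supplied filename MUST canonicalize it and confirm
/// the resolved path is contained within `data_dir` before calling in.
pub struct StorageIntegrity;

impl StorageIntegrity {
    /// Width of a hex-encoded SHA-256 digest (32 bytes = 64 hex characters);
    /// also the size of the checksum prefix at the head of a WAL segment.
    const HEX_CHECKSUM_LEN: usize = 64;

    /// Compute SHA-256 checksum for data
    ///
    /// Returns the digest as a lowercase hex string of exactly 64 characters.
    ///
    /// # Example
    /// ```
    /// use allsource_core::infrastructure::persistence::StorageIntegrity;
    ///
    /// let data = b"hello world";
    /// let checksum = StorageIntegrity::compute_checksum(data);
    /// assert_eq!(checksum.len(), 64); // SHA-256 is 32 bytes = 64 hex chars
    /// ```
    pub fn compute_checksum(data: &[u8]) -> String {
        let mut hasher = Sha256::new();
        hasher.update(data);
        // `{:x}` renders lowercase hex; `verify_checksum` compares exactly, so
        // callers must store the string as produced here.
        format!("{:x}", hasher.finalize())
    }

    /// Verify data against expected checksum
    ///
    /// Returns `Ok(true)` if the recomputed digest equals `expected`
    /// byte-for-byte (lowercase hex, see [`StorageIntegrity::compute_checksum`]),
    /// `Ok(false)` otherwise. The `Result` wrapper is kept for API stability;
    /// this function currently never returns `Err`.
    ///
    /// The comparison is an ordinary string equality, not constant-time. That
    /// is acceptable for this use: the expected value is an integrity checksum
    /// stored alongside the data, not a secret.
    ///
    /// # Example
    /// ```
    /// use allsource_core::infrastructure::persistence::StorageIntegrity;
    ///
    /// let data = b"hello world";
    /// let checksum = StorageIntegrity::compute_checksum(data);
    /// assert!(StorageIntegrity::verify_checksum(data, &checksum).unwrap());
    /// ```
    pub fn verify_checksum(data: &[u8], expected: &str) -> Result<bool> {
        let computed = Self::compute_checksum(data);
        Ok(computed == expected)
    }

    /// Verify data and return error if mismatch
    ///
    /// More convenient than `verify_checksum` for error handling.
    ///
    /// # Errors
    /// `AllSourceError::StorageError` naming both the expected and the
    /// recomputed digest when they differ.
    pub fn verify_or_error(data: &[u8], expected: &str) -> Result<()> {
        if !Self::verify_checksum(data, expected)? {
            return Err(AllSourceError::StorageError(format!(
                "Checksum mismatch: expected {}, computed {}",
                expected,
                Self::compute_checksum(data)
            )));
        }
        Ok(())
    }

    /// Compute checksum with metadata
    ///
    /// Hashes `len(data) as u64 (little-endian) || label || data`, so the
    /// result differs from a plain [`StorageIntegrity::compute_checksum`] of
    /// the same bytes and is bound to the caller-supplied `label` (e.g. a
    /// segment or table name). Because the data length is committed first,
    /// the `label`/`data` boundary is unambiguous.
    ///
    /// Limitations callers should know:
    /// - This is still an unkeyed hash. It does not protect against deliberate
    ///   tampering (anyone who can alter the data can recompute the digest),
    ///   and the "length extension" concern only applies to keyed
    ///   constructions, which this is not.
    /// - `None` and `Some("")` produce the same digest.
    ///
    /// The input layout must not change: digests produced by earlier versions
    /// are persisted and compared against.
    pub fn compute_checksum_with_metadata(data: &[u8], label: Option<&str>) -> String {
        let mut hasher = Sha256::new();

        // Commit to the data length first so label and data cannot be
        // re-partitioned into a colliding input.
        hasher.update((data.len() as u64).to_le_bytes());

        // Include label if provided
        if let Some(l) = label {
            hasher.update(l.as_bytes());
        }

        // Include actual data
        hasher.update(data);

        format!("{:x}", hasher.finalize())
    }

    /// Verify WAL segment integrity
    ///
    /// WAL segments are critical for durability.
    /// Any corruption means potential data loss.
    ///
    /// The segment layout is `[checksum: 64 ASCII hex bytes][data: N bytes]`,
    /// where the checksum is `compute_checksum(data)`. The whole segment is
    /// read into memory.
    ///
    /// The file is opened directly rather than checked with `exists()` first:
    /// a `NotFound` error maps to `Ok(false)`, while any other I/O failure
    /// (e.g. permission denied) surfaces as `Err` instead of being silently
    /// reported as "missing".
    ///
    /// # Returns
    /// - Ok(true) if segment is valid
    /// - Ok(false) if segment doesn't exist
    /// - Err if the segment is unreadable, too short, or its checksum does not match
    pub fn verify_wal_segment(segment_path: &Path) -> Result<bool> {
        let data = match std::fs::read(segment_path) {
            Ok(bytes) => bytes,
            Err(e) if e.kind() == std::io::ErrorKind::NotFound => return Ok(false),
            Err(e) => {
                return Err(AllSourceError::StorageError(format!(
                    "Failed to read WAL segment: {e}"
                )))
            }
        };

        // WAL format: [checksum: 64 bytes][data: N bytes]
        if data.len() < Self::HEX_CHECKSUM_LEN {
            return Err(AllSourceError::StorageError(
                "WAL segment too short for checksum".to_string(),
            ));
        }

        let (checksum_bytes, segment_data) = data.split_at(Self::HEX_CHECKSUM_LEN);

        // A prefix that is not valid UTF-8 cannot equal a hex digest, so the
        // lossy conversion simply turns it into a checksum mismatch below.
        let stored_checksum = String::from_utf8_lossy(checksum_bytes);

        Self::verify_or_error(segment_data, &stored_checksum)?;
        Ok(true)
    }

    /// Verify Parquet file integrity
    ///
    /// Opens the Parquet file and validates:
    /// - Magic bytes (PAR1 header/footer)
    /// - Footer metadata (schema, row groups, column chunks)
    /// - That no column chunk claims values while occupying zero bytes
    ///
    /// This is a metadata-level check only. Page data is never read, so
    /// page-level CRCs are NOT verified and corruption confined to page
    /// bytes will not be detected here.
    ///
    /// # Trust boundary
    /// `file_path` must come from a trusted source — this function is only
    /// called internally with paths that the storage layer discovered by
    /// enumerating files under the configured `data_dir`. It does NOT accept
    /// user-controlled input directly; callers that want to verify a
    /// user-supplied filename MUST canonicalize it and confirm the resolved
    /// path is still contained within `data_dir` before calling this.
    ///
    /// # Returns
    /// - Ok(true) if file is valid
    /// - Ok(false) if file doesn't exist
    /// - Err if the file is unreadable or its metadata is corrupt
    pub fn verify_parquet_file(file_path: &Path) -> Result<bool> {
        // Open directly instead of `exists()` + open: avoids the check/use race
        // and keeps permission errors distinct from "missing".
        let file = match std::fs::File::open(file_path) {
            Ok(f) => f,
            Err(e) if e.kind() == std::io::ErrorKind::NotFound => return Ok(false),
            Err(e) => {
                return Err(AllSourceError::StorageError(format!(
                    "Failed to open Parquet file: {e}"
                )))
            }
        };

        // SerializedFileReader validates magic bytes and parses the footer/metadata
        // (schema, row count, row groups). If the file is truncated or the footer
        // is corrupt, this returns an error.
        let reader = SerializedFileReader::new(file).map_err(|e| {
            AllSourceError::StorageError(format!(
                "Parquet metadata verification failed for {}: {e}",
                file_path.display()
            ))
        })?;

        let metadata = reader.metadata();

        // Sanity-check each column chunk's byte range against its value count.
        for rg_idx in 0..metadata.num_row_groups() {
            let row_group = metadata.row_group(rg_idx);
            for (col_idx, col) in row_group.columns().iter().enumerate() {
                let (_start, len) = col.byte_range();
                let num_values = col.num_values();
                if len == 0 && num_values > 0 {
                    return Err(AllSourceError::StorageError(format!(
                        "Parquet column chunk {col_idx} in row group {rg_idx} has zero bytes but {num_values} values in {}",
                        file_path.display()
                    )));
                }
            }
        }

        Ok(true)
    }

    /// Batch verify multiple files
    ///
    /// Dispatches on the file extension: `.wal` goes to
    /// [`StorageIntegrity::verify_wal_segment`], `.parquet` to
    /// [`StorageIntegrity::verify_parquet_file`]. Any other extension yields
    /// `false` without touching the file, which is indistinguishable in the
    /// output from a missing file.
    ///
    /// `progress_callback`, if given, is called after each file with
    /// `(files_done, files_total)`.
    ///
    /// # Errors
    /// Stops at the first file whose verification returns `Err` (corrupt or
    /// unreadable); results for the files before it are discarded. Callers
    /// that need a per-file report should verify individually and collect
    /// `IntegrityCheckResult`s.
    pub fn batch_verify<P: AsRef<Path>>(
        paths: &[P],
        progress_callback: Option<&dyn Fn(usize, usize)>,
    ) -> Result<Vec<bool>> {
        let total = paths.len();
        let mut results = Vec::with_capacity(total);

        for (idx, path) in paths.iter().enumerate() {
            let path = path.as_ref();

            // Determine file type and verify
            let result = match path.extension().and_then(|s| s.to_str()) {
                Some("wal") => Self::verify_wal_segment(path)?,
                Some("parquet") => Self::verify_parquet_file(path)?,
                _ => false,
            };

            results.push(result);

            // Report progress
            if let Some(callback) = progress_callback {
                callback(idx + 1, total);
            }
        }

        Ok(results)
    }
}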

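/// Outcome of verifying a single storage file.
///
/// `valid` is the authoritative flag. When built through
/// [`IntegrityCheckResult::success`] / [`IntegrityCheckResult::failure`],
/// `checksum` is set only on success and `error` only on failure.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct IntegrityCheckResult {
    /// Path of the file that was checked, as supplied by the caller.
    pub path: String,
    /// `true` when the file passed verification.
    pub valid: bool,
    /// Hex-encoded checksum recorded for a valid file; `None` on failure.
    pub checksum: Option<String>,
    /// Human-readable failure reason; `None` on success.
    pub error: Option<String>,
}

impl IntegrityCheckResult {
    /// Build a passing result for `path` carrying its `checksum`.
    ///
    /// Accepts anything convertible into `String` (`String`, `&str`, ...).
    pub fn success(path: impl Into<String>, checksum: impl Into<String>) -> Self {
        Self {
            path: path.into(),
            valid: true,
            checksum: Some(checksum.into()),
            error: None,
        }
    }

    /// Build a failing result for `path` carrying the `error` description.
    ///
    /// Accepts anything convertible into `String` (`String`, `&str`, ...).
    pub fn failure(path: impl Into<String>, error: impl Into<String>) -> Self {
        Self {
            path: path.into(),
            valid: false,
            checksum: None,
            error: Some(error.into()),
        }
    }
}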

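#[cfg(test)]
mod tests {
    use super::*;
    use arrow::{
        array::{Int32Array, StringArray},
        datatypes::{DataType, Field, Schema},
        record_batch::RecordBatch,
    };
    use parquet::arrow::ArrowWriter;
    use std::sync::Arc;
    use tempfile::NamedTempFile;

    /// Helper to create a valid Parquet file for testing
    fn create_test_parquet_file() -> NamedTempFile {
        let schema = Arc::new(Schema::new(vec![
            Field::new("id", DataType::Int32, false),
            Field::new("name", DataType::Utf8, false),
        ]));

        let ids = Int32Array::from(vec![1, 2, 3]);
        let names = StringArray::from(vec!["alpha", "beta", "gamma"]);
        let batch = RecordBatch::try_new(schema.clone(), vec![Arc::new(ids), Arc::new(names)])
            .expect("valid batch");

        let tmp = NamedTempFile::new().expect("create temp file");
        let mut writer =
            ArrowWriter::try_new(tmp.reopen().expect("reopen"), schema, None).expect("writer");
        writer.write(&batch).expect("write batch");
        writer.close().expect("close writer");

        tmp
    }

    /// Helper to write a WAL segment in the on-disk layout the checker expects:
    /// `[64 hex chars of compute_checksum(payload)][payload]`.
    fn create_test_wal_segment(payload: &[u8]) -> NamedTempFile {
        let mut contents = StorageIntegrity::compute_checksum(payload).into_bytes();
        contents.extend_from_slice(payload);

        let tmp = NamedTempFile::new().expect("create temp file");
        std::fs::write(tmp.path(), &contents).expect("write wal segment");
        tmp
    }

    #[test]
    fn test_verify_parquet_file_valid() {
        let tmp = create_test_parquet_file();
        let result = StorageIntegrity::verify_parquet_file(tmp.path());
        assert!(result.is_ok());
        assert!(result.unwrap());
    }

    #[test]
    fn test_verify_parquet_file_nonexistent() {
        let result = StorageIntegrity::verify_parquet_file(Path::new("/nonexistent/file.parquet"));
        assert!(result.is_ok());
        assert!(!result.unwrap());
    }

    #[test]
    fn test_verify_parquet_file_corrupt() {
        let tmp = NamedTempFile::new().expect("create temp file");
        std::fs::write(tmp.path(), b"this is not a parquet file").expect("write corrupt data");

        let result = StorageIntegrity::verify_parquet_file(tmp.path());
        assert!(result.is_err());
        let err = result.unwrap_err();
        assert!(matches!(err, AllSourceError::StorageError(_)));
    }

    #[test]
    fn test_verify_parquet_file_truncated() {
        // Write valid magic bytes but truncate the rest
        let tmp = NamedTempFile::new().expect("create temp file");
        std::fs::write(tmp.path(), b"PAR1").expect("write truncated data");

        let result = StorageIntegrity::verify_parquet_file(tmp.path());
        assert!(result.is_err());
    }

    #[test]
    fn test_verify_wal_segment_valid() {
        let tmp = create_test_wal_segment(b"event-1|event-2|event-3");
        let result = StorageIntegrity::verify_wal_segment(tmp.path());
        assert!(result.is_ok());
        assert!(result.unwrap());
    }

    #[test]
    fn test_verify_wal_segment_nonexistent() {
        let result = StorageIntegrity::verify_wal_segment(Path::new("/nonexistent/segment.wal"));
        assert!(result.is_ok());
        assert!(!result.unwrap());
    }

    #[test]
    fn test_verify_wal_segment_too_short() {
        // Fewer than 64 bytes: no room for the checksum prefix
        let tmp = NamedTempFile::new().expect("create temp file");
        std::fs::write(tmp.path(), b"short").expect("write short data");

        let result = StorageIntegrity::verify_wal_segment(tmp.path());
        assert!(matches!(result, Err(AllSourceError::StorageError(_))));
    }

    #[test]
    fn test_verify_wal_segment_corrupted_payload() {
        let tmp = create_test_wal_segment(b"event-1|event-2|event-3");

        // Flip one byte of the payload (after the 64-byte checksum prefix)
        let mut contents = std::fs::read(tmp.path()).expect("read segment");
        contents[64] ^= 0xFF;
        std::fs::write(tmp.path(), &contents).expect("rewrite corrupted segment");

        let result = StorageIntegrity::verify_wal_segment(tmp.path());
        assert!(matches!(result, Err(AllSourceError::StorageError(_))));
    }

    #[test]
    fn test_batch_verify_with_parquet() {
        let tmp = create_test_parquet_file();
        // batch_verify checks file extension, so copy to a .parquet path
        let parquet_path = tmp.path().with_extension("parquet");
        std::fs::copy(tmp.path(), &parquet_path).expect("copy to .parquet");
        let paths = vec![parquet_path.clone()];
        let results = StorageIntegrity::batch_verify(&paths, None).expect("batch verify");
        assert_eq!(results.len(), 1);
        assert!(results[0]);
        std::fs::remove_file(&parquet_path).ok();
    }

    #[test]
    fn test_batch_verify_unknown_extension_and_progress() {
        // Unknown extensions are reported as false without touching the file
        let paths = vec![Path::new("/nonexistent/file.txt")];
        let mut seen = Vec::new();
        let results = StorageIntegrity::batch_verify(&paths, Some(&|done, total| {
            // Callback cannot capture `seen` mutably through &dyn Fn; just
            // sanity-check the arguments it receives.
            assert_eq!(total, 1);
            assert_eq!(done, 1);
        }))
        .expect("batch verify");
        seen.extend(results.iter().copied());
        assert_eq!(seen, vec![false]);
    }

    #[test]
    fn test_compute_checksum() {
        let data = b"hello world";
        let checksum = StorageIntegrity::compute_checksum(data);

        // SHA-256 produces 32 bytes = 64 hex characters
        assert_eq!(checksum.len(), 64);

        // Checksums should be deterministic
        let checksum2 = StorageIntegrity::compute_checksum(data);
        assert_eq!(checksum, checksum2);

        // Pin the exact digest so an accidental algorithm or encoding change is caught
        assert_eq!(
            checksum,
            "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9"
        );
    }

    #[test]
    fn test_verify_checksum() {
        let data = b"test data";
        let checksum = StorageIntegrity::compute_checksum(data);

        assert!(StorageIntegrity::verify_checksum(data, &checksum).unwrap());

        // Wrong checksum should fail
        assert!(!StorageIntegrity::verify_checksum(data, "wrong").unwrap());
    }

    #[test]
    fn test_verify_or_error() {
        let data = b"test data";
        let checksum = StorageIntegrity::compute_checksum(data);

        // Valid checksum should succeed
        assert!(StorageIntegrity::verify_or_error(data, &checksum).is_ok());

        // Invalid checksum should error
        let result = StorageIntegrity::verify_or_error(data, "wrong");
        assert!(result.is_err());
        assert!(matches!(result, Err(AllSourceError::StorageError(_))));
    }

    #[test]
    fn test_checksum_with_metadata() {
        let data = b"test";

        let checksum1 = StorageIntegrity::compute_checksum_with_metadata(data, Some("label1"));
        let checksum2 = StorageIntegrity::compute_checksum_with_metadata(data, Some("label2"));

        // Different labels produce different checksums
        assert_ne!(checksum1, checksum2);

        // Same label produces same checksum
        let checksum3 = StorageIntegrity::compute_checksum_with_metadata(data, Some("label1"));
        assert_eq!(checksum1, checksum3);

        // The metadata-bound digest is distinct from the plain digest of the same bytes
        assert_ne!(
            StorageIntegrity::compute_checksum_with_metadata(data, None),
            StorageIntegrity::compute_checksum(data)
        );
    }

    #[test]
    fn test_different_data_different_checksums() {
        let data1 = b"hello";
        let data2 = b"world";

        let checksum1 = StorageIntegrity::compute_checksum(data1);
        let checksum2 = StorageIntegrity::compute_checksum(data2);

        assert_ne!(checksum1, checksum2);
    }

    #[test]
    fn test_empty_data() {
        let data = b"";
        let checksum = StorageIntegrity::compute_checksum(data);

        // Should still produce valid checksum
        assert_eq!(checksum.len(), 64);
        assert!(StorageIntegrity::verify_checksum(data, &checksum).unwrap());
    }

    #[test]
    fn test_large_data() {
        let data = vec![0u8; 1_000_000]; // 1MB
        let checksum = StorageIntegrity::compute_checksum(&data);

        assert_eq!(checksum.len(), 64);
        assert!(StorageIntegrity::verify_checksum(&data, &checksum).unwrap());
    }

    #[test]
    fn test_integrity_check_result() {
        let success = IntegrityCheckResult::success("test.wal".to_string(), "abc123".to_string());
        assert!(success.valid);
        assert_eq!(success.checksum, Some("abc123".to_string()));
        assert_eq!(success.error, None);

        let failure = IntegrityCheckResult::failure(
            "test.wal".to_string(),
            "corruption detected".to_string(),
        );
        assert!(!failure.valid);
        assert_eq!(failure.checksum, None);
        assert_eq!(failure.error, Some("corruption detected".to_string()));
    }
}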